TUCoPS :: Browsers :: echual1.txt

Meunity 1.1 script injection vulnerability


----------------------------------------------
| Meunity 1.1 script injection vulnerability |
----------------------------------------------


PROGRAM: Meunity Community System
VULNERABLE VERSIONS: all
IMMUNE VERSIONS: none
SEVERITY: really high


Tested version
==============
Meunity Community System 1.1 (stable) Released with IE 5/5.5/6 and AOL.


Description
============ 
"Meunity is a sophisticated Web-based community system that uses PHP. It is object oriented, so it is easily extendible. Its database abstraction layer allows it to be compatible with multiple databases." - sourceforge.net
In fact Meunity is a quick and simple CMS with a few options, in this options there's a forum.

There's a vulnerability in the forum that allow a badly disposed member to execute code. The problem appears when a user post in the forum, a vulnerability exists in this CMS that allow a badly disposed member to perform a typical IMG attack against visitors :

<IMG SRC="javascript:alert('unsecure')"> 


The problem
=========== 
A badly disposed member can post a topic containing malicious code and as soon as somebody see this topic the code will be executed on his workstation.


Vendors status
==============
I contacted Zack Coburn (Meunity developper) via sourceforge.net one week ago but I had no answer back.


Solution
========
There's no secure release of Meunity Community System, so the unique solution is, at this moment, to disallow posting in Meunity forum to avoid the problem. Hope that Zack Coburn will release a new immune version as soon as possible.


Links
=====
http://meunity.sourceforge.net/
http://sourceforge.net/projects/meunity/


This vulnerability's orginal paper can be found here: http://www.echu.org/modules/news/article.php?storyid=132


David Suzanne (aka dAs)
das@echu.org
http://www.echu.org 


-----------------------------------------------------------------
ECHU.ORG is not responsible for the misuse of the information we 
provide through our security advisories. These advisories are a 
service to the professional security community. In no event shall 
ECHU.ORG be liable for any consequences whatsoever arising out of 
or in connection with the use or spread of this information.
-----------------------------------------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH